mirrors/meta-secure-core
1
0
Fork 0
mirror of https://github.com/jiazhang0/meta-secure-core.git synced 2026-04-20 18:08:17 +00:00
Code Issues Projects Releases Wiki Activity
28 Commits 6 Branches 0 Tags
f0f6b205e8b8c28fa3c798e832ddec49fdb00571
Commit Graph

28 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Lans Zhang
f0f6b205e8 packagegroup-ima*: clean up the RDEPENDS 
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
 2017-07-04 17:17:07 +08:00
Lans Zhang
71da40089f initrdscripts-secure-core: renamed from initramfs-secure-core 
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
 2017-07-04 17:15:30 +08:00
Lans Zhang
d9b358b374 initramfs-secure-core: clean up /init script 
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
 2017-07-04 12:04:41 +08:00
Lans Zhang
572b7999c3 meta-integrity: implement the system trusted cert and IMA trusted cert 
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
 2017-07-04 10:39:00 +08:00
Lans Zhang
34c28b6a2d meta-signing-key: enable authorityKeyIdentifier for x509 v3 
Otherwise the x509 parser in kernel cannot load a x509 certificate without
authorityKeyIdentifier.

Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
 2017-07-03 20:55:25 +08:00
Lans Zhang
1ec1fed661 seloader: sync up with upstream 
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
 2017-07-03 15:53:47 +08:00
Lans Zhang
167f41f260 meta-signing-keys: use DER-formatted system trusted key and signed IMA trusted key 
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
 2017-07-03 15:52:18 +08:00
Lans Zhang
70e33652e5 user-key-store: clean up the code style 
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
 2017-07-03 15:51:30 +08:00
Lans Zhang
353a003f1b Use the DER-formatted system trusted key 
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
 2017-07-03 15:50:59 +08:00
Lans Zhang
3816bb03fd init: clean up code style 
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
 2017-07-03 15:48:25 +08:00
Lans Zhang
81553a81fb Rename .pem to .crt 
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
 2017-07-03 15:47:53 +08:00
Lans Zhang
a93993cdc9 initramfs-secure-core: fix missing the license file 
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
 2017-07-03 10:07:38 +08:00
Lans Zhang
c3f89c1931 initramfs-secure-core: define the /init script for the initramfs image 
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
 2017-07-03 09:22:42 +08:00
Lans Zhang
5135786fa3 kernel-initramfs: define this package to include the initramfs image for kernel boot 
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
 2017-07-03 09:21:44 +08:00
Lans Zhang
0551bc8d84 secure-core-image-initramfs: define the initramfs image type 
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
 2017-07-03 09:18:51 +08:00
Lans Zhang
8c7accebab secure-core-image: clean up the code style 
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
 2017-07-03 09:16:40 +08:00
Lans Zhang
5233d3cf5e shim: fix OVMF crash 
- httpboot.o cannot be built if ".PRECIOUS: " is placed ahead
  of "<tab>CFLAGS +=".
- uri pointer should not be freed if NULL.

Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
 2017-06-30 17:07:20 +08:00
Lans Zhang
dcfd67c60b shim: clean up the code style 
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
 2017-06-30 13:41:37 +08:00
Lans Zhang
e664a331d5 code style fixup 
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
 2017-06-29 10:52:06 +08:00
Lans Zhang
ad2d9c8e22 create-user-key-store.sh: restructured for self-signing and ca signing 
Meanwhile, the IMA user key is signed by system user key.

Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
 2017-06-29 10:46:13 +08:00
Lans Zhang
9fd5778732 secure-core-image: install ima-related packages if ima feature configured 
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
 2017-06-26 12:50:52 +08:00
Lans Zhang
e280094b5b shim: enable http boot support 
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
 2017-06-26 11:43:10 +08:00
Lans Zhang
d82dc56d88 cryptfs-tpm2: sync up with upstream 
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
 2017-06-26 11:42:18 +08:00
Lans Zhang
8e01c0a442 IMA: refresh kernel cfg 
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
 2017-06-26 11:33:39 +08:00
Lans Zhang
dcc933df6e linux-yocto-efi-secure-boot: don't use sccs to define the included kernel cfg 
The variable sccs is used internally and thus it will be corrupted by the external
definition.

Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
 2017-06-26 11:25:31 +08:00
Meng Li
92f65d3394 openssl-tpm-engine: parse an encrypted tpm SRK password from env 
Before, we support reading SRK password from env TPM_SRK_PW,
but it is a plain password and not secure.
So, we improve it and support to get an encrypted (AES algorithm)
SRK password from env, and then parse it. The default decrypting
AES password and salt is set in bb file.
When we initialize TPM, and set a SRK pw, and then we need to
encrypt it with the same AES password and salt by AES algorithm.
At last, we set a env as below:
export TPM_SRK_ENC_PW=xxxxxxxx
"xxxxxxxx" is the encrypted SRK password for libtpm.so.

Signed-off-by: Meng Li <Meng.Li@windriver.com>
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
 2017-06-23 21:52:57 +08:00
Guojian Zhou
e6c0acbede Ignore the KEYS DIR in the do_package and do_sign task dependence 
Signed-off-by: Guojian Zhou <guojian.zhou@windriver.com>
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
 2017-06-23 13:16:20 +08:00
Lans Zhang
1b3e594449 meta-secure-core: initial commit 
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
 2017-06-22 15:24:04 +08:00